CN111800417A - ESB-based unified identity authentication method - Google Patents

Publication number
CN111800417A
Authority
CN
China
Prior art keywords
application
layer
esb
identity authentication
service
Prior art date
Legal status
Pending
Application number
CN202010638944.7A
Other languages
Chinese (zh)
Inventor
马有有
刘涛
刘磊
魏帮财
Current Assignee
China Telecom Wanwei Information Technology Co Ltd
Original Assignee
China Telecom Wanwei Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by China Telecom Wanwei Information Technology Co Ltd
Priority to CN202010638944.7A
Publication of CN111800417A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention uses a unified data exchange standard and interface standard to integrate different user management modules and encryption authentication modules in a unified way, thereby realizing an ESB-based unified identity authentication method. The technology can seamlessly integrate and uniformly manage business application systems that are heterogeneous in technical architecture, operating system platform, programming language and the like. It effectively avoids duplicated identity authentication logic and redundant data across the business application systems of government agencies, schools, enterprises and similar organizations, improves authentication efficiency and the utilization of system resources, and reduces the workload of designers, developers and system maintainers. At the same time, a unified identity authentication management mechanism controls access to the business application systems uniformly, which strengthens the security of the system.

Description

ESB-based unified identity authentication method
Technical Field
The invention relates to the field of identity authentication, in particular to a unified identity authentication method based on an ESB (enterprise service bus).
Background
With the rapid development of information technology, the number of business application systems in each enterprise keeps growing, and so does the need to link data and processes across those systems. Because the systems were built at different times and to different requirements, they differ in technical architecture, operating system platform, programming language and so on. Each system is often designed with its own independent identity authentication module, and as the number of systems grows, this traditional approach gradually exposes problems: user information is not unified, information is redundant and duplicated, and identities are inconsistent. This wastes resources and raises maintenance costs. As a result, system security is hard to guarantee and maintenance is difficult.
An Enterprise Service Bus (ESB) is a product of a combination of a traditional middleware technology and technologies such as Extensible Markup Language (XML) and Web Service, and is used for realizing a solution based on an SOA (Service oriented architecture). The ESB provides information format conversion to realize seamless integration of application services, can eliminate technical difference between different applications, enables different application services to operate in a coordinated mode, and realizes communication and integration between different services.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art and to provide an ESB-based unified identity authentication method that is widely applicable, easy to develop and convenient to implement. The technology mainly provides a unified identity authentication service for each of a user's business application systems: the user can log in to every application system after authenticating only once, and the frameworks of the application systems can be unified.
In order to solve the technical problems, the invention adopts the following technical scheme:
the ESB-based unified identity authentication method comprises a user layer, an application layer, a service layer, a data aggregation layer and a data source layer; the data source layer is connected to the service layer through the data aggregation layer, and the service layer is connected to the application layer; the user layer is the user, the application layer is a Web portal, and the service layer is unified identity information; the data aggregation layer is an Enterprise Service Bus (ESB); the data source layer is the user authentication data of B/S-structure applications, C/S-structure applications, Web services applications, CORBA applications, DCOM applications and Java applications; the ESB is connected to the Web portal through the unified identity authentication service.
The API interface is connected to the ESB through the unified identity authentication service; the Web portal is a unified portal built on a Java-language architecture; the user enters an account and password through the Web portal, and the Web portal calls the data source layer through the unified identity authentication information and the ESB; the data source layer is the user authentication data of one or more of B/S-structure applications, C/S-structure applications, Web services applications, CORBA applications, DCOM applications and Java applications.
The unified identity authentication information, the client, the application server and the Enterprise Service Bus (ESB) communicate through the Simple Object Access Protocol (SOAP).
The invention has the beneficial effects that:
1) the operation of a system administrator is simplified, the operation time of the system administrator for adding and deleting the user account is reduced, and the complexity of modifying the authority of the user is reduced;
2) the user can access all the application systems by logging in once, so that the time of logging in operation is reduced, great convenience is brought to an administrator for access control management of all the users, and the authentication efficiency is improved;
3) the user information is managed by adopting uniform identity authentication, so that the user information database resource of the original application system is saved, and the information sharing degree is improved;
4) the method and the device avoid frequent input of user names and passwords, adopt a unified identity authentication management mechanism, reduce the data inconsistency of the original dispersed authentication, carry out unified control on the access of the application system, and improve the convenience of the system access.
Drawings
Fig. 1 is a diagram of an ESB-based unified identity authentication model.
Fig. 2 is a schematic structural diagram of the present invention.
Fig. 3 is a flowchart of unified identity authentication.
Fig. 4 is a comparison diagram of the unified identity authentication technology.
Detailed Description
The invention will now be further described with reference to the accompanying drawings and embodiments:
the ESB-based unified identity authentication method comprises a user layer, an application layer, a service layer, a data aggregation layer and a data source layer; the data source layer is connected to the service layer through the data aggregation layer, and the service layer is connected to the application layer; the user layer is the user, the application layer is a Web portal, and the service layer is unified identity information; the data aggregation layer is an Enterprise Service Bus (ESB); the data source layer is the user authentication data of B/S-structure applications, C/S-structure applications, Web services applications, CORBA applications, DCOM applications and Java applications; the ESB is connected to the Web portal through the unified identity authentication service.
The API interface is connected to the ESB through the unified identity authentication service; the Web portal is a unified portal built on a Java-language architecture; the user enters an account and password through the Web portal, and the Web portal calls the data source layer through the unified identity authentication information and the ESB; the data source layer is the user authentication data of one or more of B/S-structure applications, C/S-structure applications, Web services applications, CORBA applications, DCOM applications and Java applications.
The unified identity authentication information, the client, the application server and the Enterprise Service Bus (ESB) communicate through the Simple Object Access Protocol (SOAP).
As shown in fig. 2, the ESB-based unified authentication approach includes an authentication module, a client, an application server, and an ESB (enterprise service bus) module. The unified identity authentication module, the client, the application server and the ESB communicate through SOAP (simple object access protocol).
The ESB is the intermediary between the client, the application server and the identity authentication module; the client and the application server call the services of the identity authentication module through the ESB. The identity authentication module publishes its services through a standard interface, and requests and responses are encapsulated in SOAP (Simple Object Access Protocol). When the ESB receives a service request from the application client or the application server, it looks up the requested service and returns it to the client and the application server.
In the ESB, the service execution engine module handles discovery, selection, orchestration and similar functions for the services requested by the client and the application server. The service adapter module mainly converts between message protocols of different formats. The service router module completes discovery, binding, invocation and similar operations for the services requested by the client and the application server. The service monitor module monitors and manages the running state of services. The service registry module provides lookup and registration of services.
In the process of accessing each business application system, a user requests unified authentication through an ESB enterprise service bus, and can access application systems with different architectures after completing the unified authentication.
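The request path described above (portal request wrapped in SOAP, registry lookup on the bus, invocation of the identity authentication module, SOAP response) is sketched below as an added Python example; it is not code from the patent. The namespace `urn:example:unified-auth`, the `Authenticate`/`Account`/`Password` element names, the PBKDF2 credential store and the DTD rejection are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
AUTH_NS = "urn:example:unified-auth"  # hypothetical namespace for the auth service
ET.register_namespace("soap", SOAP_NS)
USERS = {}  # account -> (salt, derived key); plaintext passwords are never stored


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _envelope(payload):
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_NS}}}Body").append(payload)
    return ET.tostring(env, encoding="utf-8")


def _fault(reason):
    fault = ET.Element(f"{{{SOAP_NS}}}Fault")
    ET.SubElement(fault, "faultcode").text = "soap:Client"
    ET.SubElement(fault, "faultstring").text = reason
    return _envelope(fault)


def add_user(account, password):
    salt = os.urandom(16)
    USERS[account] = (salt, _kdf(password, salt))


def authenticate(op):
    """Identity authentication module: checks the credentials in one request."""
    account = op.findtext(f"{{{AUTH_NS}}}Account", "")
    password = op.findtext(f"{{{AUTH_NS}}}Password", "")
    # Unknown accounts still run the KDF, so timing does not reveal who exists.
    salt, stored = USERS.get(account, (b"\x00" * 16, b""))
    ok = hmac.compare_digest(_kdf(password, salt), stored)
    resp = ET.Element(f"{{{AUTH_NS}}}AuthenticateResponse")
    ET.SubElement(resp, f"{{{AUTH_NS}}}Authenticated").text = str(ok).lower()
    return resp


def dispatch(registry, raw):
    """ESB router: find the requested operation in the registry and invoke it."""
    # SOAP 1.1 forbids a DTD; rejecting it up front also blocks entity expansion.
    if b"<!DOCTYPE" in raw:
        return _fault("DTD not allowed")
    try:
        env = ET.fromstring(raw)
    except ET.ParseError:
        return _fault("malformed XML")
    body = env.find(f"{{{SOAP_NS}}}Body")
    if env.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) != 1:
        return _fault("expected exactly one operation in soap:Body")
    handler = registry.get(body[0].tag)
    if handler is None:
        return _fault("service not registered")
    return _envelope(handler(body[0]))


def make_request(account, password):
    """The SOAP message the Web portal would send to the bus."""
    op = ET.Element(f"{{{AUTH_NS}}}Authenticate")
    ET.SubElement(op, f"{{{AUTH_NS}}}Account").text = account
    ET.SubElement(op, f"{{{AUTH_NS}}}Password").text = password
    return _envelope(op)


def outcome(response):
    """Summarise a bus response as 'true', 'false' or 'fault: <reason>'."""
    body = ET.fromstring(response).find(f"{{{SOAP_NS}}}Body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:
        return "fault: " + fault.findtext("faultstring", "")
    return body.findtext(f".//{{{AUTH_NS}}}Authenticated", "")


REGISTRY = {f"{{{AUTH_NS}}}Authenticate": authenticate}  # service registry
add_user("alice", "correct horse")  # constructed sample account
```

Calling `outcome(dispatch(REGISTRY, make_request("alice", "correct horse")))` returns `"true"`; a request for an operation missing from the registry, or one carrying a DTD, comes back as a SOAP fault without reaching the authentication module.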
Example 1
The system comprises the following modules:
As shown in FIG. 2, the B/S architecture application provides a unified identity authentication data source and support services for upper-layer users and the Web portal.
The data source is connected to the ESB and is responsible for supplying its user authentication data to the unified identity authentication service. The B/S application is connected, and an API interface is invoked to provide the user authentication data to the Web portal.
The ESB (enterprise service bus) provides the basic data source aggregation and integration service.
The Web portal calls the unified identity authentication interface and presents a visual interface through which users use the system's services.
Example 2
The system comprises the following modules:
As shown in FIG. 2, the C/S architecture application provides a unified identity authentication data source and support services for upper-layer users and the Web portal.
The data source is connected to the ESB and is responsible for supplying its user authentication data to the unified identity authentication service. The C/S architecture application is connected, and the API interface is invoked to provide the user authentication data to the Web portal.
The ESB (enterprise service bus) provides the basic data source aggregation and integration service.
The Web portal calls the unified identity authentication interface and presents a visual interface through which users use the system's services.
Example 3
The system comprises the following modules:
As shown in FIG. 2, the B/S structure application, the C/S structure application, the Web services application, the CORBA application, the DCOM application and the Java application provide a unified identity authentication data source and support services for upper-layer users and the Web portal.
The data source is connected to the ESB and is responsible for supplying its user authentication data to the unified identity authentication service. The B/S structure application, the C/S structure application, the Web services application, the CORBA application, the DCOM application and the Java application are connected at the same time, and an API (application programming interface) is invoked to provide the user authentication data to the Web portal.
The ESB (enterprise service bus) provides the basic data source aggregation and integration service.
The Web portal calls the unified identity authentication interface and presents a visual interface through which users use the system's services.
The main functions of the invention are as follows: the ESB-based unified identity authentication method is widely applicable, easy to develop and convenient to implement. The technology mainly provides a unified identity authentication service for each of a user's business application systems: the user can log in to every application system after authenticating only once, and the frameworks of the application systems can be unified.
In summary, after reading the present disclosure, those skilled in the art can make various other corresponding changes according to the technical solutions and concepts of the present disclosure in combination with their own specialties, which all fall within the scope of the present disclosure.

Claims (3)

1. An ESB-based unified identity authentication method, characterized by comprising a user layer, an application layer, a service layer, a data aggregation layer and a data source layer; the data source layer is connected to the service layer through the data aggregation layer, and the service layer is connected to the application layer; the user layer is the user, the application layer is a Web portal, and the service layer is unified identity information; the data aggregation layer is an Enterprise Service Bus (ESB); the data source layer is the user authentication data of B/S-structure applications, C/S-structure applications, Web services applications, CORBA applications, DCOM applications and Java applications; the ESB is connected to the Web portal through the unified identity authentication service.
2. The ESB-based unified identity authentication method of claim 1, wherein the API interface is connected to the ESB through the unified identity authentication service; the Web portal is a unified portal built on a Java-language architecture; the user enters an account and password through the Web portal, and the Web portal calls the data source layer through the unified identity authentication information and the ESB; the data source layer is the user authentication data of one or more of B/S-structure applications, C/S-structure applications, Web services applications, CORBA applications, DCOM applications and Java applications.
3. The ESB-based unified identity authentication method according to claim 1, wherein said unified identity authentication information, said client, said application server and said ESB communicate with each other through the Simple Object Access Protocol (SOAP).
CN202010638944.7A 2020-07-06 2020-07-06 ESB-based unified identity authentication method Pending CN111800417A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010638944.7A CN111800417A (en) 2020-07-06 2020-07-06 ESB-based unified identity authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010638944.7A CN111800417A (en) 2020-07-06 2020-07-06 ESB-based unified identity authentication method

Publications (1)

Publication Number Publication Date
CN111800417A true CN111800417A (en) 2020-10-20

Family

ID=72811262

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010638944.7A Pending CN111800417A (en) 2020-07-06 2020-07-06 ESB-based unified identity authentication method

Country Status (1)

Country Link
CN (1) CN111800417A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201020